import psycopg

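# Insert one row into test_tbl1, treating `name` as untrusted user input.
# The values are handed to execute() separately from the SQL text, so the
# driver binds them as data: quotes inside `name` cannot terminate the string
# literal or append further statements.
with psycopg.connect("dbname=examdb user=examdb") as conn:
	with conn.cursor() as cur:
		sn = 1001
		name = "Tom"  # user input

		# Hostile sample input. When the statement was assembled with an
		# f-string, this value closed the VALUES list and appended a DELETE
		# against test_tbl1. Bound as a parameter it is stored verbatim as
		# the row's name.
		name = "'); DELETE FROM test_tbl1; SELECT ('"

		# Constant SQL text with %s placeholders; values are never
		# interpolated into the statement string.
		stmt = """
		INSERT INTO test_tbl1 (sn, name) VALUES (%s, %s)
		"""
		params = (sn, name)

		# Show the statement template and the bound values separately.
		print(stmt, params)
		cur.execute(stmt, params)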

